All Microsoft Exchange Server components run on Microsoft Windows NT Server as multithreaded Microsoft Windows NT services. As an application that runs on Windows NT Server, Microsoft Exchange Server takes advantage of important features provided by the operating system, such as security. The resources in sites, such as mailboxes, rely on Windows NT Server domains to perform essential security operations. For example, to prevent unauthorized users and services from gaining access to Microsoft Exchange Server resources, domains authenticate users when they log on to their mailboxes.
Microsoft Exchange Server services, such as the information store, the directory, and the system attendant, use a type of Windows NT user account called the site's service account, which allows services access to the system. For example, the directory service uses the site's service account to read and write to the local directory and to directories on other servers. Each site can have only one service account. Therefore, a message transfer agent (MTA) on one server uses the same service account as the MTA on another server in a site.
Just as users must be authenticated by a domain to log on to the network with a client computer, Microsoft Exchange Server services also must be authenticated by a domain to run in a site. A site's service account must be authenticated either by the domain that contains the Microsoft Exchange Server computers or by a trusted domain before the Microsoft Exchange Server services can interact.